package com.digitalchina.dcn.dcss.web.shiro.filter;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.RolesAuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import java.io.IOException;

/**
 * Created by Administrator on 2016/7/18 0018.
 */
public class AnyRoleAuthorizationFilter extends RolesAuthorizationFilter {

    public AnyRoleAuthorizationFilter() {

    }

    @Override
    public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException {
        Subject subject = this.getSubject(request, response);
        String[] rolesArray = (String[])((String[])mappedValue);
        if(rolesArray != null && rolesArray.length != 0) {
//            Set roles = CollectionUtils.asSet(rolesArray);
            if (rolesArray == null || rolesArray.length == 0) {
                return true;
            }
            // 只要有一个角色 即通过
            for (String role : rolesArray) {
                if (subject.hasRole(role)) {
                    return true;
                }
            }
            return false;
        } else {
            return true;
        }
    }
}
